Embed Size (px)
Citation preview
supported by
How mobile technology is revolutionising the workplace
BRING YOUR OWN
DEVICE
Sony Cover:Statesman supplements 29/10/2013 11:48 Page 1
2 | NEW STATESMAN | 1-7 NOVEMBER 2013
FACTS & FIGURES
31%
42%
66%
51%
58%
23%
Percentage of employeeswho think they will bemore productive usingtheir own device
40%
37min
the average timesaved by BOYD per employee each week
of senior managers use personalsmartphones in the workplace
of people use their own laptop for work purposes
of people take theirwork laptop home each day
of the UK population own a smartphone
of people in the UK use a mobile device for work
of UK businesses have introduced a BYOD policy
37%
35%
31%
30%
27%
like to work withany device,anywhere
like to combine work and personal use
like because it avoidsusage restrictions
want a consumerexperience at work
want to access non-workapps while at work
16% of companies worldwideperceived job satisfaction as a benefit of BYOD
13%
21%
16%
16%
15%
11%17%
12%
The global view: percentage of companies stating job satisfaction as a key benefit of BYOD
Top 5 reasons whyemployees like BYOD
Bring-your-own-device: the story in numbers
Sour
ce: S
ony;
Cis
co; A
ppSe
nse;
You
Gov;
Ofc
om
02 & 15 Infographics:Statesman supplements 10/29/2013 11:59 AM Page 22
1-7 NOVEMBER 2013 | NEW STATESMAN | 3
New Statesman7th FloorJohn Carpenter HouseJohn Carpenter StreetLondon EC4Y 0ANTel 020 7936 6400Fax 020 7936 [email protected] enquiries,reprints and syndication rights:Stephen [email protected] 731 8496
Supplement EditorBecky SlackEditorial assistantCharlotte SimmondsDesign & ProductionLeon ParksGraphicsSean Messin
Commercial DirectorPeter Coombs020 7936 6753Account DirectorJugal Lalsodagar 020 7936 6808
Flexible working is here to stay
Making remote working work P8
How BYOD can boost the value of UK plc P6
4 A little flexibility can benefit us allResponding to the changing workplace can be a challenge, but it’s also rewarding, argues Iqbal Wahhab
5 Welcome to the world of BYODIn a few short years we have undergone a mobile revolution, says Ruth Storey
6 Greater agility boosts financial returnsThe competitiveness of UK plc depends on greater workforce agility, writes Sir Win Bischoff
8 Managing the office in your pocketBring-your-own-device is here to stay. So how do we make it work, asks Donald McLaughlin
10 Protecting your assetsFailure to comply to strict data protection laws could land organisations in trouble, says Simon Rice
12 Flexible, mobile, secureThe number of security threats to a device is growing, finds Charlotte Simmonds
14 A balancing actThere are benefits and disadvantages to BYOD for all types of organisations, large and small
The paper in this magazineoriginates from timber that issourced from sustainableforests, responsibly managedto strict environmental, socialand economic standards. The manufacturing mills haveboth FSC and PEFCcertification and also ISO9001and ISO14001 accreditation.
How are you reading this supplement? Chancesare you will be accessing it online, via either a tablet or smartphone, some 128 million and1.4 billion of which are currently in useworldwide, respectively – figures that are set torise dramatically as we head into 2014.
Our love of technology is not only changingthe way we access information, it is also havingan impact on our working lives. As thissupplement, supported by Sony VAIO, shows,the increasing use of portable devices is enabling
more mobile working practices. The ability towork from anywhere, any time, offers manybenefits for both employer and employee,including the opening up of opportunities forpeople who need flexibility in their workinghours, such as parents and carers.
However, as more personal devices arebrought into the workplace, a number ofchallenges arise, such as how to manage securityrisks and ensure data remains protected. Thissupplement addresses these issues and more. l
CO
VER
: SH
UT
TER
STO
CK
/DE
SIG
N B
Y L
EON
PA
RK
S
First published as a supplement to the New Statesman1-7 November 2013.© New Statesman Ltd. All rightsreserved. Registered as anewspaper in the UK and USA.
This supplement, and other policy reports, can be downloaded from the NS website at newstatesman.com/supplements
Ignore data protection laws at your peril P10
CONTENTS
ARTICLES
03 contents:Statesman supplements 29/10/2013 11:14 Page 3
4 | NEW STATESMAN | 1-7 NOVEMBER 2013
By the end of this year, there will be1.4 billion smartphones in use on theplanet – one for every fifth person
alive. Here in the UK, over half the adultpopulation owns one. Worldwide, an esti-mated 128 million tablets were shippedglobally last year, a year-on-year rise of al-most 80 per cent, with tablets now foundin nearly a quarter of UK households. Lap-top computers, once considered a luxury,are now the UK’s most popular electronicdevice – 80 per cent of us have one athome.
It was less than a decade ago that peoplestarted taking about “the internet goingmobile”. Ofcom’s inaugural Communica-tions Market Report, way back in 2004, re-vealed that operators would soon be offer-ing “internet content specifically tailoredfor reception on a mobile phone”.
The mobile revolution has impactedboth on the way we live and the way wework. Today, most of us can’t imagine liv-ing without the internet in our pockets. Thesmartphone has become synonymous withagility, data and connectivity. Progress hasbeen exhilarating: the tablet; the rise oftouch screens; and biometrics, such as fin-gerprint entry and voice commands.
At Sony, we’re interested in exploringhow technology will change the landscapefurther and how we can make mobility apositive for the global workforce.
“In many ways, it seems we are all livingthe technology dream,” says Dave Coplin,chief envisioning expert at our partner Mi-crosoft. “The advent of the internet and theever faster evolution of services and deviceshave transformed the way people live theirlives. We live in a period where technology
has become a natural part of our existence.”Agile working means being out of touch
is no longer an option. People want the ca-pacity to use their own devices to work out-side the office if needed. We want access todata and services out of office hours, whileincreased time spent with mobile devices inour personal lives means that working withour own can be more comfortable and pro-ductive than using company tools, whichmay be unfamiliar or out-of-date.
Gone are the days of “one-size-fits-all”working practices. Welcome to the world ofbring-your-own-device (BYOD).
Sony supports flexible working and em-braces BYOD as an innovative solution formany business needs. Many of our prod-ucts are designed specifically with BYODin mind, and allow companies to work
smarter, faster and more responsively. OurUltrabooks, for example, are slim and easilyportable, with the advantage of durabilityand long battery life. Our designs have ad-vanced with the demands of consumerswho see their devices as indispensable – afluid part of life that caters seamlessly topersonal and professional needs. Mean-while, cutting-edge, user-focused securityfeatures are on the rise: anti-theft technol-ogy; GPS location tracking; remote lock-down; biometrics; encryption; and the lat-est on data security – all of which underpinSony’s business-focused devices. This is
Welcome to theworld of BYOD
In many ways, it seemswe are all living thetechnology dream
by RRuth Storey
In a few short years we have undergone a mobile revolution,and there are more exciting developments to come
THE SPONSOR’S VIEW
important. Our 2013 VAIO Digital Businessreport revealed the extent of some of thesechallenges. For example, one in four UKbusinesses have had a laptop stolen, equat-ing to around a million missing computers.
Successful implementation of BYODand other agile working habits requires abalance between managing corporate andpersonal information. Fortunately, we’refaced with a range of solutions that can en-able any business – small or multinational –to jump the hurdles and maximise the posi-tives of a happy, flexible workforce.
Britain is a nation of workaholics – weknow that 66 per cent of people take theirwork laptop home with them every day.Our hardworking habits make us one of themost industrious nations on the planet, butit’s critical that we educate employers andemployees on how to use the mobile secu-rity measures readily available to them.
Today, companies around the world aresetting goals to meet the demand for flexi-ble working – and we see this as a positivething, as Coplin describes:
“With the concept of BYOD, we fear thechaos that it might cause rather than under-standing how it represents a brave newworld, where the ‘dumb user’ is a myth andpeople expect more from technology ratherthan having it managed for them,” he says.
It is important that we keep our eyes onthe values that BYOD done right can bring.In a world where technology can help toshape a rich economy with employee em-powerment, employer adaptability andcorporate innovation at its heart, we are excited for the future.Ruth Storey is category marketing managerfor Sony, VAIO
04 Sony View:Statesman supplements 29/10/2013 11:13 Page 4
1–7 NOVEMBER 2013 | NEW STATESMAN | 5
Flexible working is itself flexible: there areseveral types of working arrangements that come under this heading. Under gov-ernment legislation, parents and carershave a right to request it, and to deny it anemployer must show how it could have anegative effect on its operations. Framingalternative arrangements in this way canmake it seem adversarial.
Flexible working is a way for businessesto respond to the needs of their employees,for individuals to engage and participatemore at work, and for the economy as awhole to be more productive and diverse.
There are two main formats of flexibleworking: the type which enables differenttypes of people to participate in work, andthe type which enables different types ofwork. Both are increasingly important foreconomic growth and competitiveness.
At the heart of the concept of flexibleworking is trust. Trust is vital between theemployee and the employer. All the variousarrangements depend on it, whether theflexibility is based on flexitime or staggeredhours, teleworking or job sharing. The em-ployer must trust the employee to be dili-gent away from the gaze of management,and the employee must trust the employerto maintain their rights and opportunitieswhile following what is still a less-commonapproach to work. Trust, however, cannotbe given, only earned. And it cannot workin only one direction.
All parties win when there is trust between the employer and employee, andbetween the manager and the worker.
When a business is able to trust an em-ployee, they are likely to grant them morediscretion and control over their work.(Flexible working is, of course, an aspect of control over work in itself.) Employeeswith this discretion feel more engaged in their roles. Meanwhile, engagement islinked to all the qualities an employer couldhope for in their staff: greater productivity,better health and wellbeing, reducedturnover, improved innovation . . .
For many people, flexible working can bea way to stay at work when life circum-stances change, whether this is to do withresponsibilities to children or relatives athome or to do with their own retirement or
ill-health. For others, it can be a way back towork. We all benefit, as an economy and asociety, when a broader range of prospectsare open to those who otherwise may notbe able to work full time or otherwise.
Flexibility also enables different kinds ofwork to take place. At the moment, remoteworking is often seen as the preserve of acertain kind of job; as a recent Wired articleput it, for office drones typing “90-pagememos on paper-clip appropriations”. But,as the UK Commission for Employmentand Skills (UKCES) is finding in its ongoingresearch into the mega-trends driving the
A little flexibility can benefit us all
At the heart of theconcept of flexible
working is trust
by Iqbal Wahhab
Shifting demands within the workplace require us to adapt, both to how we work andwhere we work. Responding to these changes can be a challenge, but if we can get it rightthere are rewards to be enjoyed
BYOD AND THE WORKFORCE
future of jobs and skills, flexible and remoteworking are likely to disrupt many morevaried occupations. A vivid example is RAFofficers living in Lincolnshire , commutingto an office to fly drone missions overAfghanistan. Another, more prosaic, trendis for work to take place on a subject or proj-ect basis rather than a geographic one. Re-search suggests 57 per cent of workers hadseen an increase in collaboration from dif-ferent locations. The emerging findingssuggest these trends will continue.
This can lead to real agility, particularly insmall businesses. Being able to draw on tal-ent across the region, nation or planet canlead to spectacular growth. But shifting to amore flexible culture is not without its chal-lenges. As UKCES research on the digitaleconomy makes clear, trends such as bring-your-own-device (BYOD) can enable greatflexibility, but they are an example of em-ployees changing their work environment.This is a turnaround from a world where,particularly in the largest firms, companiesare more used to moulding their employees.
The shifting demands on both sides re-quire a change in the approach to skills andlearning at work. Managers used to com-mand-and-control must themselves learnto cope with flexibility. Workers need to becomfortable with taking more responsibil-ity for prioritisation and being more proac-tive. But both of these changes are undoubt-edly positive. At work, as in life, a littleflexibility can help us all. Iqbal Wahhab is founder of Roast Restaurantand a commissioner at the UKCES
05 Flexible:Statesman supplements 29/10/2013 11:37 Page 5
6 | NEW STATESMAN | 1-7 NOVEMBER 2013
The business environment has changeddramatically since the 1980s. Ad-vanced technologies, rapid globalisa-
tion, changing demographics and new societal values have completely redefinedthe corporate landscape, creating oppor -tunities and challenges that require differ-ent approaches to our ways of working.Working practices, however, have largelyfailed to adapt sufficiently to meet these opportunities.
The challenges of today’s corporate land-scape require businesses to establish theoptimal workforce to support their objec-tives by harnessing demographic and soc-ietal changes and by maximising the use ofnew technologies to the benefit of both employers and employees. Business com-petitiveness is dependent on adapting agileworking practices; failure to do so will limitgrowth and inhibit the UK’s ability to com-pete globally.
Last year, at the request of the DeputyPrime Minister, I launched the Agile FutureForum (AFF) with leaders from 22 of ourmost successful companies. While thesemembers differed in terms of sector, sizeand location, they all shared a commonview that a more agile approach to work is anecessity for the whole of UK plc. Addi-tionally, they all had evidence that agileworking practices generate significant and
tangible economic benefits for business. Workforce agility encompasses a signifi-
cant restructure of workforce practicesacross four key areas: time; location; role;and source. Part-time employment, stagedretirement, multiple-site working, multi-skilling, freelancing and contract work, allof which are realities for today’s businessesand its employees, are supported to thebenefit of both parties through the adop-tion of agile working practices.
The AFF is committed to providing theleadership and practical support required toincrease agile working practices across UKplc. However, we recognise there are barri-ers currently in the way of businesses con-sidering this. Most companies’ approach toagility is restricted to the employee valueproposition (the balance of the rewards andbenefits that are received by employees inreturn for their performance at the work-place) space that often sits in the “parents”or “women’s” issue department. However,it is important to recognise the wider busi-ness case for workforce agility.
Greater agility boostsfinancial returns
Significant value is beingrealised by those
applying agile practices
by Sir Win Bischoff
The competitiveness of UK plc depends on greater workforce agility
BYOD AND THE ECONOMY
Flexible working hours have becomefairly standard and are usually positioned asan employee benefit. Many companies haveintroduced them as a means of attractingand retaining employees who are seeking toimprove their work/life balance. However,agile working practices extend beyond theintroduction of flexible hours and havebeen proven to directly benefit overall busi-ness performance – not just employees.
The AFF, supported by McKinsey, carriedout research defining the business value ofworkforce agility in supporting the compet-itiveness of UK plc. This showed that signif-icant value is already being realised by thosebusinesses applying agile working practices– value equivalent to 3 to 13 per cent of work-force costs. The research also demonstratedthat most current practices could be ex-tended to capture additional business bene-fit valued at 3 to 7 per cent of workforce costsand a sales uplift of 11 per cent.
Implementing agile working practices ef-fectively cannot remain solely in the do-main of HR departments. Chief executiveleadership is vital – creating the right cul-ture from the top down. However, in theCBI’s 2011 survey of businesses, 32 per centof leaders surveyed believed that extendingagile working practices would have a nega-tive impact on productivity. With littleavailable research into how businesses
6-7 Work Force Agility:Statesman supplements 29/10/2013 12:28 Page 4
1-7 NOVEMBER 2013 | NEW STATESMAN | 7
themselves can benefit from agile working,it is not surprising that workforce agility isstill perceived to be a cost and threat to busi-ness, rather than a necessity to ensuregrowth and maintain competitiveness.
This is precisely why the AFF was estab-lished. In addition to the research to date,we are sharing our newly developed busi-ness value assessment with organisationsacross the UK through a seminar pro-gramme. Our report and website set out detailed case studies of how foundingmembers have benefited from agile working. Importantly, we also provideguidelines as to how other businesses canreplicate these benefits.
Workforce agility offers benefits for all,but it is not a one-size-fits-all. All membersof the AFF – which includes large firms andSMEs – are committed to sharing what theyhave learnt as individual companies in order to enable other companies and organ-isations to assess the potential businessvalue of agile working practices.
For example, when the legal firm Ever-sheds allowed employees the freedom tochoose their own model of working, it ledto 28 per cent of staff reporting increasedproductivity and 14 per cent of staff increas-ing their chargeable hours. A head officefunction at Lloyds Banking Group identi-fied further opportunity to reduce prem-
ises costs by 23 per cent through multi-sitepractices. Meanwhile, BT was able to repa-triate a call centre from India to the UK dueto agile working practices that enabled it toimprove customer service on more com-petitive terms. This is expected to bringmore than 500 jobs back to the UK and gen-erate business benefits of around £30m forBT over three years.
At all levels, small changes can deliversignificant benefits. This is perhaps mostreadily seen in how businesses are using ad-vanced technologies to support more agileworking practices.
Bring Your Own Device (BYOD) prac-tices, where individuals are able to access,share and store business information securely via their personal device of choice,are delivering bottom-line benefits to an increasing number of companies of diversesizes operating across many industry sec-tors. Within Lloyds Banking Group, we arecurrently running a BYOD pilot pro-gramme that includes over 1,000 employ-ees across the business who have been pro-vided with access to a number of corporatesystems via an app on their choice of asmartphone or tablet. This replaces theneed to carry multiple devices such asBlackBerrys and personal phones and allows them to manage their work and non-work lives from one platform.
We have found that BYOD is an impor-tant tool to help support greater agilitywithin the business. Colleagues in the pilothave increased their productivity as BYODprovides a more flexible and efficient way ofworking. The costs of the scheme are offsetby these enhanced efficiencies and levels ofproductivity. For Lloyds Banking Group,for example, BYOD is proving to be a win-win for both the business and its employees.
“I think the smartphone and tablet are aspersonal as a fountain pen or a wallet – boththings that they replace. They’re mouldedto the way you arrange your life and BYODmeans that I can work when I want, where Iwant. That means I benefit and so does thebusiness,” says Rupert McNeil, director ofgroup HR at Lloyds Banking Group.
Cisco, a founding member of the AFF,has had a BYOD scheme since 2009 thatdelivers significant cost savings for thebusiness. The scheme is very popular withemployees and has been adapted to includetablet devices that have further enabled em-ployees to work the way that they want towhile also increasing their productivity.
“Cisco’s BYOD programme launched in2009 and includes its ‘Any Device’ pro-gramme, which provides corporate re-source access to Cisco employees securely,from any location, any device, anywhere.Internal reviews have demonstrated that,on average, the mobile device user gained atleast 15 minutes of productive time per day.This 15 minutes a day, is estimated to have avalue of US$300m a year,” says Ian Fodder-ing, chief technology officer at Cisco UK&I.
BYOD is an excellent example of how ad-vanced technologies can be harnessed to in-crease the agility of workforces of any sizeand structure – increasing productivity,delivering tangible benefits to the overallbusiness and individual employees. The examples mentioned within this articlehave been successful in driving agility be-cause they have been business led, extend-ing beyond the traditional HR remit of employee benefits. The schemes have alsoarisen from a thorough understanding ofthe needs of the business and its workforce.
Business competitiveness is dependenton adapting agile working practices; failureto do so will limit growth and inhibit theUK’s ability to compete globally. The fasterwe move towards implementing agileworking practices such as BYOD, the morecompetitive UK plc will be.Sir Win Bischoff is chair of the Agile FutureForum and chair of Lloyds Banking Group
BYOD can bring additional value to UK companies
SHU
TT
ERST
OC
K
6-7 Work Force Agility:Statesman supplements 29/10/2013 12:28 Page 5
8 | NEW STATESMAN | 1-7 NOVEMBER 2013
People are used to interacting digitallyin their personal and social lives, be itlooking at their friends’ holiday pho-
tos on Facebook, or engaging with othersvia Twitter on their tablet while watchingtheir favourite TV programme, all fromthe comfort of their sofa.
With the advent of smartphones, peoplehave been able to pack the same punch as aPC from their pocket. As such over the pastfew years, people have got to a stage wherethe devices they use in their personal life(such as smartphones and tablets), oftenoutstrip and outperform what they wouldcommonly use in their office environment.
What’s more, people quickly becomeused to their own devices, as buying themwas a conscious, personal decision. In theoffice environment, you are constrained touse the devices provided by the company’sIT department. Your personal device be-comes comfortable and second nature,keenly exemplified by the tribal like com-petition between Apple and Android users.This is the real genesis of BYOD; peoplewant to bring their own device to work be-cause it is better, they’re used to it, and theyare more competent using it.
Productivity and morale are clearlylinked and have huge implications for anybusiness; after all a happy worker is a pro-ductive worker. Organisations shouldn’tfear the rise of BYOD, thinking it’ll be diffi-cult or costly to implement. Rather, theyshould acknowledge and embrace it, as oth-erwise they’ll soon have demotivated anddisenfranchised employees, who won’t be
as productive in the working environment. BYOD makes people more productive
for two main reasons. First, they are using adevice they are comfortable using and aretherefore more likely to make more use of it in the working environment. Second, although BYOD is characterised by peoplebringing devices into work, companies alsobenefit from employees working outsidethe office. The mobility of devices allowsemployees to use them at home, when trav-elling or on a customer site, since their de-vice is so easy to use and to connect to theinternet. All this is good news for the em-ployer because in a BYOD culture peoplecan and usually do give more hours of pro-ductive time to the business.
Using personal devices also encouragesbetter collaboration and communication between workers. This is hugely importantfor businesses which may use audio or videoconferencing on the go from a tablet orsmartphone. This has clear benefits forglobal organisations, which can now pro-vide greater mobility to their workforce. Butit’s not only global players who benefit,since small businesses will get greater im-pact from their resources. It also meanshome workers can access meetings fromtheir device, improving productivity and
Managing the officein your pocket
The benefits companiesreceive far outweigh
the risks
by Donald McLaughlin
Bring-your-own-device is here to stay. So how do we make it work?
REMOTE WORKING
eradicating the need for expensive confer-ence phones. Improved collaboration has always meant companies can be much moreproductive, as it helps bring people togetherand speeds up decision making; BYODtechnology merely facilitates this collabora-tion, allowing employees to join meetingsfrom any device, wherever they are.
Recognising the trend of BYOD is onlythe first stage; adapting to the change is an-other. Companies should be organised andset up to embrace it, from an IT perspective,as well as being culturally and technologi-cally flexible enough to allow workers tobring their devices to work.
As is to be expected, cost factors are al-ways front of mind. But this goes beyondensuring that the network is able to supportpersonal devices; BYOD can actually be ahuge IT procurement cost saver since theorganisation will no longer have to provideevery employee with all devices.
What’s more, the maintenance of devicescan also become more of a self-supportingcommunity affair, detached from corporatecontrol. Although BYOD is often typifiedby smartphones and tablets, there are manypeople who use their own laptop in theworking environment. Internally, we’veseen wikis set up by Cisco employees onhow to troubleshoot their Macs for exam-ple, helping take the load off the IT depart-ment and what’s expected of them.
Cautious employers may incorrectlyequate BYOD with social media, and feelthat allowing staff to bring their smart-phone to work may encourage them to
8-9 Benefits:Statesman supplements 29/10/2013 11:24 Page 22
1-7 NOVEMBER 2013 | NEW STATESMAN | 9
SHU
TT
ERST
OC
K
spend all day on Facebook, for example. Yetat the heart of the cultural shift, there needsto be the realisation that the benefits com-panies receive from increased productivityfar outweigh the risks, and that BYOD en-courages empowerment that underpinsthe employer/employee relationship.
Companies hesitant to adopt BYOD runthe risk of not only demotivating theirworkforce but also losing talent to competi-tors willing to embrace it. It is a huge con-sideration for the next wave of employees,especially Generation Y, who in many casesconsider flexibility and device choice moreimportant than a higher salary.
Once BYOD is accepted in theory, thekey is to ensure its success in practice. Thefirst focus point from an internal perspec-tive will be the technological framework,making sure it’s fit for purpose and able tofacilitate the change. Security risks will bethe major concern for an IT department,since if a user is able to access the corporatenetwork on their phone, what are the im-plications for security? Could externalviruses be introduced and could sensitivecompany data and intellectual property be
taken by errant employees? Second, the cal-ibration and policies of the network maynot allow non-corporate devices to be con-nected and would need to be reconsidered.However, it must be stressed that both ofthese concerns can be easily mitigated byhaving the right network infrastructure in place. A company may wish to impose a geographical restriction, for example,which would only allow employees to ac-cess sensitive company information whilein the office. Essentially, all that is requiredinternally is a common-sense approach topolicies which address these security con-cerns, while allowing employees to accesscompany programmes and systems.
It’s important to recognise that the cul-tural and technological considerations areof equal importance; that to successfullyimplement BYOD, an organisation shouldhave executive-level buy-in and high-levelsponsorship that recognises the way peoplewant to work and is able to facilitate that todrive improved morale and motivation.The rules of engagement for BYOD are thesame, whether you’re a tech company or aretailer; the only difference is the internal
The new normal: working any time from any location
adoption culture. Similarly, the IT require-ments for smartphones or tablets are thesame; it’s merely a question of the user’s device preference.
In terms of trends, there is every indica-tion that people will have more devices inthe future. There is always a hype cyclearound new technology, exemplified by thenew wave of wearable technology such asGoogle Glass and the smart watch. It’s hardto imagine that five years ago we could havepredicted the huge uptake of tablet com-puting. Consumers have an insatiable ap-petite for the latest and greatest gadget, andthis will continue to feed BYOD culture.
In much the same way that flexible homeworking challenged the corporate statusquo that employees were only working ifthey were in the office, BYOD shifts thegoalposts for collaboration and productiv-ity. It has many positive benefits for organi-sations, from employee morale and reten-tion to attracting new talent into thebusiness. BYOD is here, and more impor-tantly it’s here to stay. Donald McLaughlin is director of UKICollaboration Sales at Cisco
8-9 Benefits:Statesman supplements 29/10/2013 11:24 Page 23
10 | NEW STATESMAN | 1-7 NOVEMBER 2013
Colin Rees knows more than mostabout other people’s eating habits,their takeaway habits at least. As IT
director for Domino’s he can tell, for ex-ample, that the most popular time to order a pizza across the week is between7pm and 9pm on a Friday, Saturday andTuesday night (Tuesday is special offernight). That’s the pattern that can be guar-anteed across the UK. In Germany, whereDomino’s has recently opened stores andwhere Sunday lunchtimes prove popularfor pizza, the pattern is different but noless consistent.
The past decade has witnessed, if not arevolution, then certainly a clear evolutionin the way we all handle and access infor-mation on the move.
Whether it’s through a portable laptop,smartphone or tablet, the majority of usnow own a mobile device and, accordingto a study commissioned by our office, almost half of us (47 per cent) are currentlyusing it for work purposes.
As this supplement has explored, al-lowing employees to use their devices forwork can bring numerous advantages. Theorganisation concerned does not have topay for a device that a person already ownsand the employee will already be familiarwith the device and therefore should have
fewer problems using it to carry out manyof the most common daily tasks, such asaccessing emails and editing documents.So it’s easy to see why the trend of allow-ing employees to use personal devices forwork is continuing to grow.
While this is all very well and good, thepractice raises clear concerns aroundwhether the personal information beingprocessed on these devices is being lookedafter properly. The Data Protection Act isclear: the responsibility to make sure thatpersonal information is being handledcorrectly lies with the data controller –normally the organisation collecting andusing the information – not their individ-ual employees. If the information is lost orcompromised, it is the employer that is ul-timately responsible and therefore in linefor potential enforcement action from myoffice, the Information Commissioner’sOffice (ICO), as the regulator of the Act.
If you consider that we can, in the mostserious cases, issue monetary penalties ofup to £500,000 and that a serious databreach can have an even bigger impact onan organisation’s hard-earned reputation,it is clear to see that effective measuresmust be put in place to ensure people’sdata is being looked after. This is evenmore important when the device in ques-
Protecting your assets
by SSimon Rice
Handling information in the correct way when using portable devices is critical. Failure to comply to strict data protection laws could land organisations in hot water
DATA LAWS
tion fits neatly into a trouser pocket, but isstill able to store the same amount of dataas a desktop PC.
Worryingly, this does not appear to behappening with a recent survey showingthat 70 per cent of those who use personaldevices for work currently receive noguidance from their employer explaininghow the information should be handled.This poses a significant risk and one thatmust be addressed.
You can see from some of our recentmonetary penalties where things can gowrong. In June 2013, a penalty of £150,000was issued against Glasgow City Councilfor the loss of two unencrypted laptops,one of which contained the personal in-formation of 20,143 people. In August2013, a penalty of £88,000 was issuedagainst Aberdeen City Council after inad-equate homeworking arrangements led to39 pages of personal data being uploadedon to the internet by a council employee.
Ensuring the safe and secure deletion ofdata is also important if the individual isno longer an employee, or they subse-quently want to sell or trade in their device. Let us not forget that our office has already served monetary penalties totalling £525,000 against two organisa-tions who failed to ensure that hard drives
10-11 Simon Rice ICO:Statesman supplements 29/10/2013 11:21 Page 22
1-7 NOVEMBER 2013 | NEW STATESMAN | 11
SHU
TT
ERST
OC
K
containing sensitive personal data weresecurely destroyed after use.
For some time, the ICO has been awareof this growing trend and the implicationsthat the insecure use of such devices hasfor an organisation’s compliance with theData Protection Act. This is why, in Marchof this year, we published new guidancecalled Bring Your Own Device (BYOD).
The guidance aims to help organisationsdevelop their own policies by highlightingthe issues they must consider. First andforemost, organisations must be clear
with staff about the types of personal datathat can, and more importantly can’t, bestored on personal devices.
An obvious risk from the outset is thatthe device, and therefore the informationstored on it, will be lost or stolen. There isalso a worry that the device may be misused. Employers will therefore need toconsider how they will mitigate this risk.
A very simple way to achieve this is toreduce the volume or type of personal dataavailable. For example, does a medical pro-fessional need to carry around copies of all
Glasgow City Council: has recently been fined under data protection laws
of their patients’ medical records, orwould it suffice to only store the personaltelephone numbers of patients in casethey need to contact them at short notice?If remote access is required to the recordsof a specific patient, these could be trans-ferred on to the device on the day requiredand removed afterwards. Remember, it isimportant that the security measures be-ing adopted by organisations should re-flect the sensitivities of the informationthat is being accessed.
Employers should make sure that theyunderstand the protection mechanismsavailable in the personal devices they allow to connect to their networks andmake sure that they are being used cor-rectly. For example, most modern deviceswill offer some sort of password access tothe device and support encrypting someor all of the data on the device. Organisa-tions will also need to know where theweaknesses are in these devices. It is im-portant that employers are not reducingthe level of security afforded to their in-formation by allowing additional devicesto access the network.
Another feature on most personal devices is the ability to lock the device, or delete all of the data stored on it, if the password is entered incorrectly on anumber of occasions. In most cases, thiscan be enabled on a device at little or no additional cost, but could make all the difference if the device is left at a restau-rant or stolen.
Smartphones and tablets can also beregistered and managed remotely usingspecialist software, commonly referred toas a Mobile Device Management (MDM)solution. An MDM solution can provide a remote wiping facility that locks ordeletes all of the information held on a device if it is reported lost or stolen bythe owner.
The majority of these measures costvery little and take a small amount of timeto introduce, but will help to keep the per-sonal information that employees are ac-cessing secure and ensure compliancewith the Data Protection Act.
We are not expecting a revolution inorganisations’ existing data protectionpractices, but an evolution to reflect theway the modern workforce is using andstoring people’s details is a must.Simon Rice, is group manager fortechnology at the InformationCommissioner’s Office (ICO)
Data protection dos and dontsThe ICO’s guidance on BYOD recom-mends the following:l Public cloud-based sharing and publicbackup services, which have not beenfully assessed, present many risks. Usewith extreme caution, if at all.l A remote locate and wipe facilityshould be registered to all devices. Thiswill maintain confidentiality of data inthe event of a loss or theft.l BYOD may lead to increased usage ofsocial media channels. In this instance, asocial media policy that includes clear
information about data protection lawscould be appropriate. l A clear separation between the per-sonal data processed on behalf of thedata controller and that processed for thedevice owner’s own purposes should bemaintained. For example, different appsfor business and personal use.l The choice of devices should be lim-ited to those which have been assessed asproviding appropriate security for thepersonal data being processed. l BYOD users should be given guidanceon the risks of downloading from the web.
10-11 Simon Rice ICO:Statesman supplements 29/10/2013 11:22 Page 23
12 | NEW STATESMAN | 1-7 NOVEMBER 2013
Despite the many obvious benefits thatbring-your-own-devices afford em-ployees and employers alike, it is
only natural that with new practices comenew security challenges.
People are far more mobile than ever before,” says Malcolm Hay, enterprisetechnology specialist at Intel EMEA, theworld’s leading maker of the semiconduc-tor chips that live in any desktop, laptop ormobile device. “Security is a hot topicright now. We’re collaborating more, andthere are many excellent tools that compa-nies and individuals can now use to shareitems. Most of these growing trends,BYOD included, mean higher securitythreats – whatever makes people moreproductive tends to makes risks worse.”
With increased flexibility comes increased responsibility, and anyone engaged in BYOD should learn how tokeep individual devices safe or companydata free from loss or intrusion. With ultra-mobility on the rise, the two mainquestions people are seeking answers toare how to make security more bullet-proof and how to make security work
better on increasingly smaller and lower-power devices.
So, be it personal laptops, tablets orsmartphones, what are the key areas ofconcern, what security features should in-dividuals be aware of, and what develop-ments does the future hold?
ENCRYPTIONHow to keep data secure isfrequently the top concernfor companies allowing
employees to access corporate informa-tion via personal devices. Often the go-tosolution is an encryption programme,which can be used to encode anythingfrom messages to data to passwords.
“Data protection takes us immediatelyto encryption,” explains Hay. “The dangerof unencrypted data is that if I steal yourdevice, I can read anything I like. Encryp-tion uses mathematical algorithms toscramble information up, so that if an intruder looks at it, they can only see hi-eroglyphic gobbledygook that would needto be unscrambled to read.”
Flexible, mobile,secureby Charlotte Simmonds
The number of security threats to a device is growing, but technology is fighting back
SECURITY
This encryption and decryption processis done via a cypher key which belongs tothe authenticated user and/or receiver.Historically used by governments and themilitary, encryption is now an incrediblypopular security tool when exchanging orstoring digital information.
Encryption is considered a simple andeffective way to keep both standing andin-transit data safe. However, the mainconcern is that it takes a lot of resources.“The scrambling process uses intensemathematics that can make a device runslower – particularly when moving downto the tablet and smartphone level whereprocessing power is reduced,” says Hay.
One solution is to embed encryptiontechnology into the hardware of a device’scentral processing unit (CPU) which, byits nature, is faster and less susceptible tohacking than software. Intel implementsseveral encryption-related security capa-bilities in hardware, including engineswhich are capable of much faster encryp-tion and decryption than traditional soft-ware algorithms; and random numbergenerators, which are used for cipher key
12-13 Work:Statesman supplements 29/10/2013 11:20 Page 22
1-7 NOVEMBER 2013 | NEW STATESMAN | 13
PIC
TU
R E
CR
EDIT
generation and deliver more secure keysthan before. “You need both soft andhardware capabilities. No solution is 100per cent foolproof, but by focusing on in-creasing hardware capability we can get99.99 per cent assurance,” explains Hay.
PASSWORDSA password is often thefirst line of defence be-tween the outside world
and the data on a device. Password and pincodes are one of the most everyday toolsused to access private spaces on comput-ers, phones, files or emails.
Passwords can be strengthened by un-usual characters, cryptographic scram-bling or by programmes that request ran-domly generated pieces of the passwordrather than the whole thing. Passwords,however, are often controlled by softwarerather than hardware, which can leave de-vices vulnerable to prying eyes.
“Whenever you put a pin code into a device you always run the risk that there iskeyboard logger malware [malicious soft-ware] in the system,” says Hay. “The mal-ware can get hold of your password be-cause it can see the keystrokes being sentacross the network.”
Password safety falls under the um-brella of “identity protection” and can bestrengthened, like most other IP features,by embedding password recognition intothe hardware of a device.
“Putting password capability into a device’s hardware completely locks themalware out,” says Hay. “It becomes auser-to-silicone-chip interaction – nomemory, no software, no chance to seewhat is going on. It is important to keeppasswords as an interaction exclusivelybetween the user and the back end – a per-
son-to-hardware bubble.”
VIRUSESViruses are self-replicatingmalicious software that
hamper a device’s ability to function.Viruses can steal hardware space, accessprivate information, corrupt data, spamcontacts or log keystrokes when enteringpasswords. Having robust anti-virus soft-ware is a must when bringing personal de-vices into work.
Intel warns particularly about a growingvirus type known as “rootkit viruses”,
which are particularly difficult to detectbecause they exist before a computer orphone has even been booted up.
“The rootkit virus gets on to a device before the operating system (OS) startsrunning. Most antivirus scanners are onlycapable of seeing viruses that are runninginside the OS. These rootkits embed them-selves below the operating system, makingthem the worst kind of virus – hard to catchand on the rise,” explains Hay.
To tackle the issue, new software cur-rently in development can act as a kind“watchdog” – overseeing the OS boot up process from an isolated position, enabling it to communicate with the over-arching anti-virus protection if it observesanything untoward taking place.
ANTI-THEFTPROTECTION
Flexible working meansemployees often take devices used at workinto communal areas such as cafes, lib-raries and other public meeting points.Unfortunately, such convivial spaces canleave devices – and the personal and com-pany data contained within – more opento unwanted observation and even theft.
Anti-theft technology is increasinglyaddressing these concerns at hardwarelevel. Stolen devices can now be told viaSMS to “lock down” and cloak importantdata such as encryption keys, passwords,and other critical files. Furthermore, anti-theft technology can be set to trigger if the device senses it is being tampered with.This could include failed password-loginattempts that occur multiple times in a row (implying random guesses from a thief or malware) or if the device fails to rendezvous with a centre securityserver at a predetermined time (set by theuser). Meanwhile, increasingly sophisti-cated locating programmes can even pin-point a stolen laptop on a map via 3G mod-ule GPS systems.
DIGITALCERTIFICATES
When it comes to security,what should really give users confidence ispossessing two things, says Hay, “some-thing you know and something youhave”. This “something you know” tends
to be a password, pin code or encryptionkey. The “something you have” is called adigital certificate, and it works a bit like avirtual fingerprint – a proof of authentic-ity that devices (and by default, you) arewho they say they are.
“When you show up in a foreign coun-try, your passport implies you are trustedto be let in. A digital certificate does this incomputer-speak. It verifies your device’sidentity and allows you to make connec-tion with other computers, share data, orjoin a network.”
Digital certificates can be obtained froma certification authority and used to ensure a device’s legitimacy. Certificatescan also be used to encrypt information ormessages so that only the recipient withthe correct digital ID can read it. Once verified, this exchange of certificates hap-pens implicitly at software level, leavingusers blissfully unaware. However, thereis always the worry that certificates can beforged or stolen, thus allowing an indivi-daul to pretend to be someone else. Bury-ing a digital certificate at hardware levelcan make them much more difficult foranyone to impersonate.
LOOKING AHEADThe future of device secu-rity looks promising, withincreasing focus on user-
friendly and adaptable solutions.Biometrics are on the rise – with Apple’s
new fingerprint login for iPhones a keyexample. It is a trend Hay thinks is set to continue.
“From a user-experience point of view, itis a pain to remember lots of passwords,”he explains. “You end up using the samepassword for everything: emails, banking,logins, etc, which isn’t very safe. Our directional thinking is about improvingthe user experience, which will ultimatelyget rid of passwords entirely. We are looking at 3D facial recognition which, likeother biometric technologies, will be moreconvenient and harder to steal.”
In the future we could also see more “location-sensitive” devices which allowcertain privileges based on where they are.Imagine a device that granted access tocorporate data during in-office use, but adjusted its security settings or accesslevels if taken to the local Starbucks.“Could this make sense for BYOD in thefuture?” asks Hay. “Absolutely.”
12-13 Work:Statesman supplements 29/10/2013 11:20 Page 23
14 | NEW STATESMAN | 1-7 NOVEMBER 2013
BYOD is not a panacea for allbusiness painsAs Sage UKI’s chief technology officer I’velooked long and hard to see if BYOD is ap-propriate for our 2,500 staff, and haveconcluded that, at this stage, a full imple-mentation will not be made due to a num-ber of hidden costs and challenges.
Take, for example, the influx of addi-tional devices on the company’s infrastruc-ture. Network performance (speed) cansuffer and ultimately mean you need to buynetwork kit to manage the change in accesstype (Wi-Fi from wired) and usage.
Equally, many enterprise applications(the software tools used to do the job)aren’t yet configured for BYOD, resultingin frustrations for staff. For example, theneed to use a webmail version of email in-stead of a native client that pushes mes-sages seamlessly to mobile devices.
And who pays for the device usage? If abusiness only wants to pay for work-related calls and data, it puts a large burdenon the finance team to validate claims.This makes it much more challenging toforecast and manage cash flow, particu-larly for companies with large numbers ofemployees, such as ours.
By shifting the hardware cost to theuser, the BYOD model allows firms to sig-nificantly reduce technology costs. How-ever, it is very important for staff to havethe right tools to do their jobs effectivelyand in some cases this can only really beachieved if the IT department fully man-ages the devices used to ensure uptime, security and compliance. Businesses need
to ensure they consider every facet of theissue before making a disruptive decision.Stuart Lynn is CIO at Sage UKI
Data security is the prime concernGiven the ever increasing memory andstorage afforded by the current generationof devices, it is becoming increasingly easyfor people to carry huge amounts of sensi-tive data around with them. No wonder,then, that the loss of confidential companydata is a major concern for employers.
The train is still the number one hotspotfor laptop loss and theft, with homes andairports coming second and third respec-tively, according to the 2013 VAIO DigitalBusiness report. And just 28 per cent ofbusinesses have security features on lap-tops as standard, while nearly half spendless than £1,000 a year on security.
There are readily available security solutions that are not only easily imple-mented regardless of IT infrastructure,but that act as a ready-made safety net forthose firms transitioning to BYOD. Security features such remote lockdownand location tracking are available onmany models, including the VAIO range,right out of the box. With data securitythe primary concern for businesses, theseare as important as the decision to go mobile itself.
BYOD should be rationalised on a case-by-case basis, with employee demandsbalanced against the pros and cons. For ex-ample, the need for education on how toutilise available mobile security measuresis just as critical as having quality, light
A balancing act
From corporates large and small to government bodies, there are both benefits and disadvantages to BYOD policies
DECISION MAKING
weight machines, with strong battery life.Simple steps like these would go a long wayto defusing the time bomb represented bythe UK’s one million missing laptops.Ruth Storey is category marketing managerat Sony, Vaio
A necessary part of a digitalgovernment In the past, the performance of workplacecomputers was well ahead of what the av-erage person could realistically aspire toown. Now, with nearly 80 per cent ofhouseholds online and over half of UKadults owning a smartphone, this is nolonger the case, as our report Smaller, Bet-ter, Faster, Stronger: Remaking governmentfor the digital age, which surveyed over2,000 public-sector employees’ attitudes totechnology, highlighted.
When asked to think about how thetechnology available to them at work com-pares to what they have at home, 37 per centfelt their workplace technology was worse.Furthermore, 36 per cent said their organi-sation’s leadership didn’t understand whattools they needed to do their job well. Con-sidering the need for a truly digital govern-ment, ignoring the potential of BYOD is ig-noring the realities of how people work intoday’s world. BYOD presents the oppor-tunity for public-sector workers to make thebest use of technology, increasing produc-tivity while allowing for personal choice ofdevice, thus raising workplace satisfaction.Sarah Fink is a research fellow in the DigitalGovernment Unit at Policy Exchange
15 voxpops:Statesman supplements 29/10/2013 11:43 Page 4
1 in 4 UK businesses has either lost a laptopor had one stolen
of laptops do not feature anti-theftsecurity as standard
42%
72%
P A S S
W 0 R D
52%
56%
£1,000
of laptop owners usedata encryption as asecurity tool
the amount 49% of UK businessesspend (or less) on IT security
the amount businesses could be fined bythe ICO for loss of personal data
million
of businesses allow access totheir networks via personaldevices in some form
missing laptopsin the UK
£500,000
82% of people don’t change their password monthly, asrecommended
20% of respondents never change their password
17% only change it when prompted
5% of people still use the word“password” as their password
26% of companies globallysay “security” is thebiggest BYOD challenge
17%
14%
19%
22%
36%
38%
38%
23%25%
The global view: percentage of companies citing security as the biggest BYOD risk
of IT managers want to restrict access
The bring-your-own-device security challengeFACTS & FIGURES
Sour
ce: S
ony;
Cis
co; A
ppSe
nse
1-7 NOVEMBER 2013 | NEW STATESMAN | 15
02 & 15 Infographics:Statesman supplements 29/10/2013 11:06 Page 23
